Lucene search

[email protected]CVE-2023-36380

HistoryOct 10, 2023 - 11:15 a.m.

CVE-2023-36380

2023-10-1011:15:11

CWE-798

[email protected]

web.nvd.nist.gov

cve-2023-36380

cp-8031

cp-8050

master module

ssh

authorized_keys

debug support

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH authorized_keys configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.

Affected configurations

NVD

Node

siemenscp-8050_firmwareRange<05.11cpci85

AND

siemenscp-8050Match-

Node

siemenscp-8031_firmwareRange<05.11cpci85

AND

siemenscp-8031Match-

CPENameOperatorVersion
siemens:cp-8050_firmwaresiemens cp-8050 firmwarelt05.11

CPE	Name	Operator	Version
siemens:cp-8050_firmware	siemens cp-8050 firmware	lt	05.11

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "CP-8031 MASTER MODULE",
    "versions": [
      {
        "version": "All versions < CPCI85 V05.11 (only with activated debug support)",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "CP-8050 MASTER MODULE",
    "versions": [
      {
        "version": "All versions < CPCI85 V05.11 (only with activated debug support)",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]